First published: Tue Feb 16 2021(Updated: )
OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash.
Credit: openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-apr | <0:1.6.3-107.el8 | 0:1.6.3-107.el8 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.el8 | 0:1.6.1-84.el8 |
redhat/jbcs-httpd24-curl | <0:7.78.0-2.el8 | 0:7.78.0-2.el8 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-78.el8 | 0:2.4.37-78.el8 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.el8 | 0:1.39.2-39.el8 |
redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.el8 | 1:1.1.1g-8.el8 |
redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.el8 | 0:1.0.0-7.el8 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.el8 | 0:0.4.10-22.el8 |
redhat/jbcs-httpd24-apr | <0:1.6.3-107.jbcs.el7 | 0:1.6.3-107.jbcs.el7 |
redhat/jbcs-httpd24-apr-util | <0:1.6.1-84.jbcs.el7 | 0:1.6.1-84.jbcs.el7 |
redhat/jbcs-httpd24-curl | <0:7.78.0-2.jbcs.el7 | 0:7.78.0-2.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-78.jbcs.el7 | 0:2.4.37-78.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-39.jbcs.el7 | 0:1.39.2-39.jbcs.el7 |
redhat/jbcs-httpd24-openssl | <1:1.1.1g-8.jbcs.el7 | 1:1.1.1g-8.jbcs.el7 |
redhat/jbcs-httpd24-openssl-chil | <0:1.0.0-7.jbcs.el7 | 0:1.0.0-7.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-22.jbcs.el7 | 0:0.4.10-22.jbcs.el7 |
redhat/openssl | <1:1.0.2k-22.el7_9 | 1:1.0.2k-22.el7_9 |
redhat/edk2 | <0:20210527gite1999b264f1f-3.el8 | 0:20210527gite1999b264f1f-3.el8 |
redhat/openssl | <1:1.1.1k-4.el8 | 1:1.1.1k-4.el8 |
redhat/jws5-tomcat | <0:9.0.50-3.redhat_00004.1.el7 | 0:9.0.50-3.redhat_00004.1.el7 |
redhat/jws5-tomcat-native | <0:1.2.30-3.redhat_3.el7 | 0:1.2.30-3.redhat_3.el7 |
redhat/jws5-tomcat-vault | <0:1.1.8-4.Final_redhat_00004.1.el7 | 0:1.1.8-4.Final_redhat_00004.1.el7 |
redhat/jws5-tomcat | <0:9.0.50-3.redhat_00004.1.el8 | 0:9.0.50-3.redhat_00004.1.el8 |
redhat/jws5-tomcat-native | <0:1.2.30-3.redhat_3.el8 | 0:1.2.30-3.redhat_3.el8 |
redhat/jws5-tomcat-vault | <0:1.1.8-4.Final_redhat_00004.1.el8 | 0:1.1.8-4.Final_redhat_00004.1.el8 |
OpenSSL OpenSSL | >=1.0.2<1.0.2y | |
OpenSSL OpenSSL | >=1.1.1<1.1.1j | |
Debian Debian Linux | =10.0 | |
Tenable Log Correlation Engine | <6.0.8 | |
Tenable Nessus Network Monitor | =5.11.0 | |
Tenable Nessus Network Monitor | =5.11.1 | |
Tenable Nessus Network Monitor | =5.12.0 | |
Tenable Nessus Network Monitor | =5.12.1 | |
Tenable Nessus Network Monitor | =5.13.0 | |
Oracle Business Intelligence | =5.5.0.0.0 | |
Oracle Business Intelligence | =5.9.0.0.0 | |
Oracle Business Intelligence | =12.2.1.3.0 | |
Oracle Business Intelligence | =12.2.1.4.0 | |
Oracle Communications Cloud Native Core Policy | =1.15.0 | |
Oracle Enterprise Manager For Storage Management | =13.4.0.0 | |
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle GraalVM | =19.3.5 | |
Oracle GraalVM | =20.3.1.2 | |
Oracle GraalVM | =21.0.0.2 | |
Oracle Jd Edwards Enterpriseone Tools | <9.2.6.0 | |
Oracle Jd Edwards World Security | =a9.4 | |
Oracle Mysql Server | <5.7.33 | |
Oracle Mysql Server | >=8.0.15<8.0.23 | |
Oracle Nosql Database | <20.3 | |
McAfee ePolicy Orchestrator | <5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0 | |
McAfee ePolicy Orchestrator | =5.10.0-update_1 | |
McAfee ePolicy Orchestrator | =5.10.0-update_10 | |
McAfee ePolicy Orchestrator | =5.10.0-update_2 | |
McAfee ePolicy Orchestrator | =5.10.0-update_3 | |
McAfee ePolicy Orchestrator | =5.10.0-update_4 | |
McAfee ePolicy Orchestrator | =5.10.0-update_5 | |
McAfee ePolicy Orchestrator | =5.10.0-update_6 | |
McAfee ePolicy Orchestrator | =5.10.0-update_7 | |
McAfee ePolicy Orchestrator | =5.10.0-update_8 | |
McAfee ePolicy Orchestrator | =5.10.0-update_9 | |
Fujitsu M10-1 Firmware | <xcp2410 | |
Fujitsu M10-1 | ||
Fujitsu M10-4 Firmware | <xcp2410 | |
Fujitsu M10-4 | ||
Fujitsu M10-4s Firmware | <xcp2410 | |
Fujitsu M10-4s | ||
Fujitsu M12-1 Firmware | <xcp2410 | |
Fujitsu M12-1 | ||
Fujitsu M12-2 Firmware | <xcp2410 | |
Fujitsu M12-2 | ||
Fujitsu M12-2s Firmware | <xcp2410 | |
Fujitsu M12-2s | ||
Fujitsu M10-1 Firmware | <xcp3110 | |
Fujitsu M10-4 Firmware | <xcp3110 | |
Fujitsu M10-4s Firmware | <xcp3110 | |
Fujitsu M12-1 Firmware | <xcp3110 | |
Fujitsu M12-2 Firmware | <xcp3110 | |
Fujitsu M12-2s Firmware | <xcp3110 | |
Nodejs Node.js | >=10.0.0<=10.12.0 | |
Nodejs Node.js | >=10.13.0<10.24.0 | |
Nodejs Node.js | >=12.0.0<=12.12.0 | |
Nodejs Node.js | >=12.13.0<12.21.0 | |
Nodejs Node.js | >=14.0.0<=14.14.0 | |
Nodejs Node.js | >=15.0.0<15.10.0 | |
Nodejs Node.js | =14.15.0 | |
debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u2 3.1.4-2 | |
redhat/openssl | <1.1.1 | 1.1.1 |
redhat/openssl | <1.0.2 | 1.0.2 |
IBM Cognos Analytics | <=12.0.0-12.0.1 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP2 | |
IBM Cognos Analytics | <=11.1.1-11.1.7 FP7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID for this OpenSSL vulnerability is CVE-2021-23840.
CVE-2021-23840 has a severity level of high.
CVE-2021-23840 can cause a denial of service (DoS) due to an integer overflow in CipherUpdate.
To fix CVE-2021-23840, update OpenSSL to the recommended version provided by the vendor.
You can find more information about CVE-2021-23840 on the IBM X-Force Exchange website and the OpenSSL website.